JasperLoader Analysis

IOB - Indicator of Behavior (54)

Timeline: (chart not reproduced)
Language: en 48, ru 2, es 2, de 2
Country: us 34, cn 10, ru 4, id 2, ir 2
Actors, Activities, Interest, Timeline, Type, Vendor: (charts not reproduced)
Product: WordPress 4, Jitbit Helpdesk 2, Teradici PCoIP Agent 2, Teradici PCoIP Client 2, Joomla CMS 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | SugarCRM SQL Injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00208 | CVE-2020-17373
2 | Xerox WorkCentre privilege escalation | 7.5 | 7.2 | $0-$5k | Being calculated | Not Defined | Official Fix | 0.00 | 0.00117 | CVE-2018-20767
3 | Accellion Kiteworks API Call token weak authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00152 | CVE-2017-9421
4 | Plesk Obsidian REST API commands Cross Site Request Forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00075 | CVE-2022-45130
5 | Delta Electronics DX-2100-L1-CN urlfilter Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00056 | CVE-2022-42141
6 | Delta Electronics DX-2100-L1-CN net_diagnose privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00188 | CVE-2022-42140
7 | jQuery html Cross Site Scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06124 | CVE-2020-11022
8 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.00115 | CVE-2021-33193
9 | Google Android Kernel buffer overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00064 | CVE-2021-1048
10 | TP-Link WRD4300 Web Interface Information Disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.16811 | CVE-2020-35575
11 | Teradici PCoIP Agent/PCoIP Client PCoIP.exe privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2019-20362
12 | QlikTech Qlikview XML Data AccessPoint.aspx XML External Entity | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.05489 | CVE-2015-3623
13 | MinIO Admin API weak authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00116 | CVE-2020-11012
14 | Jitbit Helpdesk Password Reset Link PRNG weak encryption | 5.9 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.16475 | CVE-2017-18486
15 | 3CX Phone System Management Console Directory Traversal | 5.4 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00275 | CVE-2017-15359
16 | nextgen-gallery Plugin Directory Traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00181 | CVE-2018-7586
17 | SiteBuilder SiteBuilder Elite privilege escalation | 7.3 | 6.9 | $0-$5k | Being calculated | Proof-of-Concept | Not Defined | 0.02 | 0.00795 | CVE-2008-1123
18 | K2 Component Access Control Directory Traversal | 7.0 | 6.3 | $0-$5k | Being calculated | Proof-of-Concept | Not Defined | 0.00 | 0.00159 | CVE-2018-7482
19 | Joomla CMS Hathor postinstall Message SQL Injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.17094 | CVE-2018-6376
20 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63 | 0.00943 | CVE-2010-0966

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Acceptance
1 | 185.158.249.116 | tropical.nordicsurge.com | JasperLoader | | 13.04.2022 | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxxxxxx | | | 13.04.2022 | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Acceptance
1 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | predictive | High
2 | File | /.vnc/sesman_${username}_passwd | predictive | High
3 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
4 | File | /api/v2/cli/commands | predictive | High
5 | File | /xxxx/x_xxxxxx_xxxxxxxx_xxxxx | predictive | High
6 | File | /xxxxx/xxxxx | predictive | Medium
7 | File | /xxx/xxx/xxx | predictive | Medium
8 | File | /xxx-x | predictive | Low
9 | File | /xxxxxxx/ | predictive | Medium
10 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High
11 | File | xxxxxxxxxxx.xxxx | predictive | High
12 | File | xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
13 | File | xxx/xxxxxx.xxx | predictive | High
14 | File | xxxxx/xxx_xxxxxxxx | predictive | High
15 | File | xxxxx/xxxxxxxxx | predictive | High
16 | File | xxxx.xxx | predictive | Medium
17 | File | xxxxx_xxxxxxxx.xxx | predictive | High
18 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
19 | File | xxxx.xxx | predictive | Medium
20 | File | xx-xxxxx/xxxx-xxx-xxxx.xxx | predictive | High
21 | Argument | /.xxx/xxxxxx_${xxxxxxxx}_xxxxxx | predictive | High
22 | Argument | xxxxxxxx | predictive | Medium
23 | Argument | xxxxxxxx | predictive | Medium
24 | Argument | xxx | predictive | Low
25 | Argument | xxxx/xxxxx/xxxxx_xxxxxxxxxxx | predictive | High
26 | Argument | xxxxxxxx | predictive | Medium
27 | Argument | xx | predictive | Low
28 | Argument | x_xxxxxxxx | predictive | Medium
29 | Argument | xxxx_xxxx | predictive | Medium
30 | Argument | xxxxxx | predictive | Low
31 | Argument | xxxxx | predictive | Low
32 | Argument | xxxxxxxx | predictive | Medium
33 | Network Port | xxxx | predictive | Low
34 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
